package com.jh.fcsm.common;

import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import org.apache.commons.lang3.StringEscapeUtils;
import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist;

import java.io.IOException;

public class StringXssDeserializer extends JsonDeserializer<String> {
    @Override
    public String deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
        if (p == null || p.getText() == null) {
            return null;
        }

        String source = p.getText().trim();
        if ("cuType".equals(p.getCurrentValue()) ||"no".equals(ctxt.getAttribute("cuType"))) {
            return Jsoup.clean(source, Safelist.relaxed());
        }
        // 把字符串做XSS过滤
        source = StringEscapeUtils.escapeHtml4(source);
        return source;
    }

}